Merge pull request omid-ahmadpour#9 from ahmedanwar100/refresh-token-endpoint

add refreshToken endpoint.

Author: omid-ahmadpour

src/Common/General/SiteSettings.cs

@@ -24,5 +24,6 @@ public class JwtSettings
         public string Audience { get; set; }
         public int NotBeforeMinutes { get; set; }
         public int ExpirationMinutes { get; set; }
+        public int RefreshTokenValidityInDays { get; set; }
     }
 }

src/Core/Application/Users/Command/RefreshToken/RefreshTokenCommand.cs

@@ -0,0 +1,15 @@
+using MediatR;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace CleanTemplate.Application.Users.Command.RefreshToken
+{
+    public class RefreshTokenCommand : IRequest<RefreshTokenResponse>
+    {
+        public string RefreshToken { get; set; }
+        public string AccessToken { get; set; }
+    }
+}

src/Core/Application/Users/Command/RefreshToken/RefreshTokenResponse.cs

@@ -0,0 +1,14 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace CleanTemplate.Application.Users.Command.RefreshToken
+{
+    public class RefreshTokenResponse
+    {
+        public string RefreshToken { get; set; }
+        public string AccessToken { get; set; }
+    }
+}

src/Core/Domain/Entities/Users/RefreshToken.cs

@@ -0,0 +1,22 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations.Schema;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace CleanTemplate.Domain.Entities.Users
+{
+    public class RefreshToken : IEntity<int>
+    {
+        public int Id { get; set; }
+
+        [ForeignKey(name: nameof(User))]
+        public int UserId { get; set; }
+        public User User { get; set; }
+        public string Token { get; set; }
+        public DateTime Created { get; set; }
+        public DateTime Updated { get; set; } = DateTime.Now;
+        public DateTime ExpiryTime { get; set; }
+    }
+}

src/Core/Domain/IRepositories/IRefreshTokenRepository.cs

@@ -0,0 +1,12 @@
+using CleanTemplate.Domain.Entities.Users;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace CleanTemplate.Domain.IRepositories
+{
+    public interface IRefreshTokenRepository : IRepository<RefreshToken>
+    {
+        Task AddOrUpdateRefreshTokenAsync(RefreshToken refreshToken, CancellationToken cancellationToken);
+        Task<bool> ValidateRefreshTokenAsync(RefreshToken refreshToken, CancellationToken cancellationToken);
+    }
+}

src/Infrastructure/Persistance/CommandHandlers/Users/LoginCommandHandler.cs

@@ -2,6 +2,7 @@
 using CleanTemplate.Common;
 using CleanTemplate.Common.Exceptions;
 using CleanTemplate.Domain.Entities.Users;
+using CleanTemplate.Domain.IRepositories;
 using CleanTemplate.Persistance.Jwt;
 using MediatR;
 using Microsoft.AspNetCore.Identity;
@@ -15,12 +16,15 @@ public class LoginCommandHandler : IRequestHandler<LoginCommand, LoginResponse>
     {
         private readonly UserManager<User> _userManager;
         private readonly IJwtService _jwtService;
+        private readonly IRefreshTokenRepository _refreshTokenRepository;
 
         public LoginCommandHandler(UserManager<User> userManager,
-                                   IJwtService jwtService)
+                                   IJwtService jwtService,
+                                   IRefreshTokenRepository refreshTokenRepository)
         {
             _userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
             _jwtService = jwtService ?? throw new ArgumentNullException(nameof(jwtService));
+            _refreshTokenRepository = refreshTokenRepository ?? throw new ArgumentNullException(nameof(refreshTokenRepository));
         }
 
         public async Task<LoginResponse> Handle(LoginCommand request, CancellationToken cancellationToken)
@@ -37,7 +41,13 @@ public async Task<LoginResponse> Handle(LoginCommand request, CancellationToken
                 throw new CleanArchAppException("username or password is incorrect");
 
             var jwt = await _jwtService.GenerateAsync(user);
-
+            var refreshToken = new RefreshToken
+            {
+                UserId = user.Id,
+                ExpiryTime = DateTime.Now.AddDays(jwt.refreshToken_expiresIn),
+                Token = jwt.refresh_token
+            };
+            await _refreshTokenRepository.AddOrUpdateRefreshTokenAsync(refreshToken: refreshToken, cancellationToken);
             return new LoginResponse
             {
                 accessToken = jwt.access_token,

src/Infrastructure/Persistance/CommandHandlers/Users/RefreshTokenCommandHandler.cs

@@ -0,0 +1,61 @@
+using CleanTemplate.Application.Users.Command.RefreshToken;
+using CleanTemplate.Common;
+using CleanTemplate.Common.Exceptions;
+using CleanTemplate.Domain.Entities.Users;
+using CleanTemplate.Domain.IRepositories;
+using CleanTemplate.Persistance.Jwt;
+using MediatR;
+using Microsoft.AspNetCore.Identity;
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace CleanTemplate.Persistance.CommandHandlers.Users
+{
+    public class RefreshTokenCommandHandler : IRequestHandler<RefreshTokenCommand, RefreshTokenResponse>
+    {
+        private readonly UserManager<User> _userManager;
+        private readonly IJwtService _jwtService;
+        private readonly IRefreshTokenRepository _refreshTokenRepository;
+
+        public RefreshTokenCommandHandler(UserManager<User> userManager,
+                                   IJwtService jwtService,
+                                   IRefreshTokenRepository refreshTokenRepository)
+        {
+            _userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
+            _jwtService = jwtService ?? throw new ArgumentNullException(nameof(jwtService));
+            _refreshTokenRepository = refreshTokenRepository ?? throw new ArgumentNullException(nameof(refreshTokenRepository));
+        }
+        public async Task<RefreshTokenResponse> Handle(RefreshTokenCommand request, CancellationToken cancellationToken)
+        {
+            if (request is null)
+                throw new InvalidNullInputException(nameof(request));
+
+            var userId = _jwtService.ValidateJwtAccessTokenAsync(request.AccessToken);
+            if (userId == null)
+                throw new CleanArchAppException("AccessToken is not valid");
+
+            var refreshToken = new RefreshToken
+            {
+                UserId = userId.Value,
+                Token = request.RefreshToken
+            };
+            await _refreshTokenRepository.ValidateRefreshTokenAsync(refreshToken, cancellationToken);
+
+            var user = await _userManager.FindByIdAsync(userId.ToString());
+            var jwt = await _jwtService.GenerateAsync(user);
+            var updateRefreshToken = new RefreshToken
+            {
+                UserId = user.Id,
+                ExpiryTime = DateTime.Now.AddDays(jwt.refreshToken_expiresIn),
+                Token = jwt.refresh_token
+            };
+            await _refreshTokenRepository.AddOrUpdateRefreshTokenAsync(refreshToken: updateRefreshToken, cancellationToken);
+            return new RefreshTokenResponse
+            {
+                AccessToken = jwt.access_token,
+                RefreshToken = jwt.refresh_token
+            };
+        }
+    }
+}

src/Infrastructure/Persistance/Jwt/AccessToken.cs

@@ -9,12 +9,21 @@ public class AccessToken
         public string refresh_token { get; set; }
         public string token_type { get; set; }
         public int expires_in { get; set; }
+        public int refreshToken_expiresIn { get; set; }
 
         public AccessToken(JwtSecurityToken securityToken)
         {
             access_token = new JwtSecurityTokenHandler().WriteToken(securityToken);
             token_type = "Bearer";
             expires_in = (int)(securityToken.ValidTo - DateTime.UtcNow).TotalSeconds;
         }
+        public AccessToken(JwtSecurityToken securityToken,string refreshToken, int refreshTokenExpiresIn)
+        {
+            access_token = new JwtSecurityTokenHandler().WriteToken(securityToken);
+            token_type = "Bearer";
+            expires_in = (int)(securityToken.ValidTo - DateTime.UtcNow).TotalSeconds;
+            refresh_token = refreshToken;
+            refreshToken_expiresIn = refreshTokenExpiresIn;
+        }
     }
 }

src/Infrastructure/Persistance/Jwt/IJwtService.cs

@@ -6,5 +6,6 @@ namespace CleanTemplate.Persistance.Jwt
     public interface IJwtService
     {
         Task<AccessToken> GenerateAsync(User user);
+        int? ValidateJwtAccessTokenAsync(string token);
     }
 }

src/Infrastructure/Persistance/Jwt/JwtService.cs

@@ -7,7 +7,9 @@
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
 using System.Security.Claims;
+using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 
@@ -30,8 +32,8 @@ public async Task<AccessToken> GenerateAsync(User user)
             var secretKey = Encoding.UTF8.GetBytes(_siteSetting.JwtSettings.SecretKey); // longer that 16 character
             var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(secretKey), SecurityAlgorithms.HmacSha256Signature);
 
-            var encryptionkey = Encoding.UTF8.GetBytes(_siteSetting.JwtSettings.EncryptKey); //must be 16 character
-            var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);
+            var encryptionKey = Encoding.UTF8.GetBytes(_siteSetting.JwtSettings.EncryptKey); //must be 16 character
+            var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionKey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);
 
             var claims = await GetClaimsAsync(user);
 
@@ -51,7 +53,38 @@ public async Task<AccessToken> GenerateAsync(User user)
 
             var securityToken = tokenHandler.CreateJwtSecurityToken(descriptor);
 
-            return new AccessToken(securityToken);
+            return new AccessToken(securityToken: securityToken,
+                refreshToken: GenerateRefreshToken(),
+                refreshTokenExpiresIn: _siteSetting.JwtSettings.RefreshTokenValidityInDays);
+        }
+
+        public int? ValidateJwtAccessTokenAsync(string token)
+        {
+            var secretKey = Encoding.UTF8.GetBytes(_siteSetting.JwtSettings.SecretKey); // longer that 16 character
+            var encryptionKey = Encoding.UTF8.GetBytes(_siteSetting.JwtSettings.EncryptKey); //must be 16 character
+
+            var tokenHandler = new JwtSecurityTokenHandler();
+            try
+            {
+                tokenHandler.ValidateToken(token, new TokenValidationParameters
+                {
+                    ValidateIssuerSigningKey = true,
+                    IssuerSigningKey = new SymmetricSecurityKey(secretKey),
+                    TokenDecryptionKey = new SymmetricSecurityKey(encryptionKey), 
+                    ValidateIssuer = false,
+                    ValidateAudience = false,
+                    // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)
+                    ClockSkew = TimeSpan.Zero
+                }, out SecurityToken validatedToken);
+
+                var jwtSecurityToken = (JwtSecurityToken)validatedToken;
+                var userId = int.Parse(jwtSecurityToken.Claims.First(claim => claim.Type == "nameid").Value);
+                return userId;
+            }
+            catch 
+            {
+                return null;
+            }
         }
 
         private async Task<IEnumerable<Claim>> GetClaimsAsync(User user)
@@ -69,5 +102,12 @@ private async Task<IEnumerable<Claim>> GetClaimsAsync(User user)
 
             return claims;
         }
+        private static string GenerateRefreshToken()
+        {
+            var randomNumber = new byte[64];
+            using var rng = RandomNumberGenerator.Create();
+            rng.GetBytes(randomNumber);
+            return Convert.ToBase64String(randomNumber);
+        }
     }
 }